10 matches found
EUVD-2026-36462
Netty: QUIC stateless reset token material exposed through header-visible connection IDs...
Netty: QUIC stateless reset token material exposed through header-visible connection IDs
Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...
GHSA-CQ4Q-CV5G-R8Q5 Netty: QUIC stateless reset token material exposed through header-visible connection IDs
Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...
CVE-2026-50009
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
UBUNTU-CVE-2026-50009
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
CVE-2026-50009
Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...
CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...
PT-2026-48901
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...
Linux Distros Unpatched Vulnerability : CVE-2026-50009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset...